roncoo roncoo-pay Function Level Authorization Vulnerability in Order Query Endpoint
Vulnerability
A vulnerability exists in roncoo roncoo-pay in versions up to commit 9428382af21cd5568319eae7429b7e1d0332ff40. The issue lies in the handler for '/auth/orderQuery', where the 'orderNo' argument can be manipulated to bypass the authorization check. A direct request can therefore retrieve the status of an authentication record without the requesting user being authorized to view that record. The vulnerability can be exploited remotely, although the attack complexity is rated high.
Impact
Exploitation of this vulnerability allows unauthorized access to sensitive authentication record information, which could lead to further exploitation or data exposure.
Reproduction
To reproduce this vulnerability, send a direct request to the '/auth/orderQuery' endpoint with a valid 'payKey' and an 'orderNo' argument. The response will include the status of the requested authentication record without verifying that the caller is authorized to access that specific record.
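The following is an added illustration of the missing check, not roncoo-pay's own code: the broken pattern validates only that the 'payKey' exists, while the hardened pattern also requires that the order identified by 'orderNo' belongs to the merchant behind that key. The data model, the function names and the sample records are assumptions.

```python
# Added illustration (not roncoo-pay's code): a function-level
# authorization check for an order-status lookup keyed by payKey + orderNo.
# The data model, the names and the sample records below are assumptions.
from dataclasses import dataclass


@dataclass(frozen=True)
class Order:
    order_no: str
    merchant_no: str   # owner of the order
    status: str


# Constructed sample data: payKey -> merchant, plus a few orders.
PAY_KEYS = {"pk-merchant-A": "M-A", "pk-merchant-B": "M-B"}
ORDERS = {
    "ORD-1001": Order("ORD-1001", "M-A", "SUCCESS"),
    "ORD-2001": Order("ORD-2001", "M-B", "WAITING_PAYMENT"),
}


def vulnerable_order_query(pay_key: str, order_no: str) -> dict:
    """Broken pattern: payKey is only checked for existence, so any valid
    key can read any order's status (the behaviour the advisory describes)."""
    if pay_key not in PAY_KEYS:
        return {"code": "AUTH_FAILED"}
    order = ORDERS.get(order_no)
    if order is None:
        return {"code": "NOT_FOUND"}
    return {"code": "OK", "status": order.status}


def hardened_order_query(pay_key: str, order_no: str) -> dict:
    """Fixed pattern: resolve the caller's merchant from payKey and return the
    record only when the order belongs to that merchant. The same response is
    used for 'missing' and 'not yours' so the endpoint does not reveal which
    orderNo values exist."""
    merchant_no = PAY_KEYS.get(pay_key)
    if merchant_no is None:
        return {"code": "AUTH_FAILED"}
    order = ORDERS.get(order_no)
    if order is None or order.merchant_no != merchant_no:
        return {"code": "NOT_FOUND"}
    return {"code": "OK", "status": order.status}
```

For detection, log the merchant resolved from 'payKey' together with the requested 'orderNo' and alert on lookups that resolve to another merchant's orders.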
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
